WAN connection through a Linux machine
Shachar Shemesh
shachar at shemesh.biz
Tue Apr 20 13:56:47 IDT 2010
Dan Shimshoni wrote:
> shachar,
> I googled for "MSS Squashing". Got 0 results!
>
> What is this "MSS Squashing"? and how is it related to this issue?
>
> rgs,
> DS
The term used in the iptables man page is "clamp-mss-to-pmtu"
The ethernet maximal transfer unit (MTU) is 1500 bytes (more or less,
but in practice, this is the default). Since pppoe has some overhead,
the effective MTU on ppp0 is lower (about 1470 bytes). Packets sent out
by your machine B broadcast the desired packet length on the return path
through a TCP option called MSS (maximal segment size).
Theoretically, TCP will figure out on its own that the path MTU (PMTU)
is lower than the end MTU as advertised by the MSS. This has two
disadvantages:
1. It has worse performance than advertising the correct number in the
MSS to begin with
2. Some firewalls block the ICMP message used to report this case (code
3 type 4 - "fragmentation needed but don't fragment set"). As a result,
you get "black hole" syndrome.
The solution is to have iptables alter the MSS field of the TCP option
to the value it knows is correct.
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
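As an added illustration (not part of the original thread, and not the kernel's TCPMSS code), the following Python models what an MSS-clamping rule does to a TCP SYN: parse the IPv4 and TCP headers, walk the TCP options, lower the MSS option (kind 2) when it exceeds what the path MTU allows, and recompute the TCP checksum so the rewritten segment is still valid. The MSS limit for a path MTU is MTU minus the 20-byte IPv4 header and the 20-byte TCP header, so 1460 for plain Ethernet and 1452 for a PPPoE link with a 1492-byte MTU. The 1492 figure, the addresses and the SYN itself are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

IP_HDR_LEN = 20            # IPv4 header without options
TCP_HDR_LEN = 20           # TCP header without options
TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_MSS = 0, 1, 2
TCP_SYN = 0x02


def mss_for_mtu(mtu):
    """Largest TCP payload that fits one frame: MTU minus IP and TCP headers."""
    return mtu - IP_HDR_LEN - TCP_HDR_LEN


def ones_complement_sum(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data):
    return (~ones_complement_sum(data)) & 0xFFFF


def tcp_checksum(src, dst, segment):
    # TCP checksum covers a pseudo-header (src, dst, zero, proto 6, length) plus the segment.
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    return checksum(pseudo + segment)


def tcp_checksum_ok(packet):
    ihl = (packet[0] & 0x0F) * 4
    return tcp_checksum(packet[12:16], packet[16:20], packet[ihl:]) == 0


def build_syn(src_ip, dst_ip, mss, sport=40000, dport=80):
    """Constructed IPv4 SYN with MSS, NOP and window-scale options (8 option bytes)."""
    src, dst = IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed
    options = struct.pack("!BBH", TCP_OPT_MSS, 4, mss) + bytes([TCP_OPT_NOP, 3, 3, 7])
    data_off = (TCP_HDR_LEN + len(options)) // 4
    tcp = bytearray(struct.pack("!HHIIBBHHH", sport, dport, 1, 0, data_off << 4,
                                TCP_SYN, 65535, 0, 0) + options)
    struct.pack_into("!H", tcp, 16, tcp_checksum(src, dst, bytes(tcp)))
    total_len = IP_HDR_LEN + len(tcp)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                               0x4000, 64, 6, 0, src, dst))   # DF bit set
    struct.pack_into("!H", ip, 10, checksum(bytes(ip)))
    return bytes(ip) + bytes(tcp)


def read_mss(packet):
    """Return the MSS advertised in a SYN, or None if there is no MSS option."""
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4
    i = TCP_HDR_LEN
    while i < data_off:
        kind = tcp[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= data_off or tcp[i + 1] < 2 or i + tcp[i + 1] > data_off:
            break                           # malformed option list; stop parsing
        if kind == TCP_OPT_MSS and tcp[i + 1] == 4:
            return struct.unpack("!H", tcp[i + 2:i + 4])[0]
        i += tcp[i + 1]
    return None


def clamp_mss(packet, pmtu):
    """Model of clamp-mss-to-pmtu: lower an oversized MSS option in a SYN.

    Returns (packet, (old_mss, new_mss)) when rewritten, else (packet, None).
    """
    ihl = (packet[0] & 0x0F) * 4
    tcp = bytearray(packet[ihl:])
    if packet[9] != 6 or not (tcp[13] & TCP_SYN):
        return packet, None                 # only TCP SYNs carry a meaningful MSS
    limit = mss_for_mtu(pmtu)
    data_off = (tcp[12] >> 4) * 4
    i, changed = TCP_HDR_LEN, None
    while i < data_off:
        kind = tcp[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= data_off or tcp[i + 1] < 2 or i + tcp[i + 1] > data_off:
            break
        if kind == TCP_OPT_MSS and tcp[i + 1] == 4:
            mss = struct.unpack("!H", tcp[i + 2:i + 4])[0]
            if mss > limit:
                struct.pack_into("!H", tcp, i + 2, limit)
                changed = (mss, limit)
        i += tcp[i + 1]
    if changed is None:
        return packet, None
    tcp[16:18] = b"\x00\x00"                # recompute TCP checksum over the new options
    struct.pack_into("!H", tcp, 16, tcp_checksum(packet[12:16], packet[16:20], bytes(tcp)))
    return packet[:ihl] + bytes(tcp), changed


if __name__ == "__main__":
    syn = build_syn("10.0.0.2", "192.0.2.1", mss_for_mtu(1500))
    clamped, change = clamp_mss(syn, 1492)   # assumed PPPoE path MTU
    print("MSS rewritten:", change, "checksum ok:", tcp_checksum_ok(clamped))
```

On a Linux router the equivalent of clamp_mss is a single mangle-table rule on the PPPoE interface, for example `iptables -t mangle -A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`; to confirm it is taking effect, watch outgoing SYNs with `tcpdump -ni ppp0 'tcp[tcpflags] & tcp-syn != 0'` and check the `mss` value printed for each one against what the interface MTU allows.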